This issue has been solved lately.
When using the older version of the wss4j (v2.1.1 and older) you can pass the need of the String reference for the property file (e.g. WSHandlerConstants.SIG_PROP_REF_ID) by overriding WSHandler.loadCrypto() and injecting a created Property object by Spring util, e.g.:
<util:properties id="wss4jCryptoProperties">
<prop key="org.apache.ws.security.crypto.merlin.keystore.file">!sp{keystore.file}</prop>
<prop key="org.apache.ws.security.crypto.merlin.keystore.type">!sp{keystore.type}</prop>
<prop key="org.apache.ws.security.crypto.merlin.keystore.password">!sp{keystore.password}</prop>
</util:properties>
Overriding the WSHandler.loadCrypto() by an example:
public class PropertiesWSS4JInInterceptor extends WSS4JInInterceptor {
private Properties cryptoProperties;
public PropertiesWSS4JInInterceptor(Map<String, Object> inProps,
Properties cryptoProperties) {
super(inProps);
this.cryptoProperties = cryptoProperties;
}
@Override
protected Crypto loadCrypto(String cryptoPropertyFile, String cryptoPropertyRefId,
RequestData requestData) throws WSSecurityException {
return CryptoFactory.getInstance(cryptoProperties);
}
}
In addition, you can inject the wss4jCryptoProperties in your customBean (don't forget to create the field named cryptoProperties in the referenced class and a setter):
<bean id="customBean" class="cz.company.CustomBean">
<property name="cryptoProperties" ref="wss4jCryptoProperties"/>
</bean>
Finally, you can add the interceptor to your endpoint:
endpoint.getInInterceptors().add(new PropertiesWSS4JInInterceptor(inProps, cryptoProperties));